TNT4-04 KEY MESSAGE: Entry Slide SLIDE BUILDS: 0 SLIDE SCRIPT:


1 TNT4-04 KEY MESSAGE: Entry Slide SLIDE BUILDS: 0 SLIDE SCRIPT:
SLIDE TRANSITION: ADDITIONAL INFORMATION FOR PRESENTER:

2 Windows Server 2003 Administration Webcast Series Part 10: VPN and RAS
KEY MESSAGE: Title Slide SLIDE BUILDS: 0 SLIDE SCRIPT: Hello and Welcome to this Windows Server 2003 Administration Webcast Series. This is part 10 and we’ll be covering Virtual Private Networks and Remote Access Services. My name is {insert name}. SLIDE TRANSITION: Here’s what we will cover today. ADDITIONAL INFORMATION FOR PRESENTER:

3 What we will cover: Configuring and authorizing a remote access connection; Considerations for virtual private networks and their administration; Authenticating remote connections with RADIUS/IAS KEY MESSAGE: What we will Cover SLIDE BUILDS: 3 SLIDE SCRIPT: [BUILD1] This session is divided into three distinct parts, all dealing with how to provide more secure remote access to your network. We’ll start by showing how to enable dial-up connections to the network and configuring a Windows XP client to connect to the Remote Access, or RAS server. [BUILD2] Then we’ll turn our attention toward broadband access to the network through the Internet using a Virtual Private Network, or VPN, connection. [BUILD3] We’ll end the session by discussing how to centrally manage the authentication and security of a group of RAS servers using the Windows Server 2003 Internet Authentication Service (IAS) and a RADIUS server and proxy. SLIDE TRANSITION: To get the most out of this session, you should have the following knowledge and experience. ADDITIONAL INFORMATION FOR PRESENTER:

4 Prerequisite knowledge Level 200
Experience administering Windows Server 2003 servers; Experience supporting Microsoft networks; Some familiarity with networking and telecommunications technologies KEY MESSAGE: Prerequisite Knowledge SLIDE BUILDS: 3 SLIDE SCRIPT: [BUILD1] You should be familiar with the basics of the Windows Server 2003 user interface. [BUILD2] You should also have experience supporting Microsoft networks. [BUILD3] It will be helpful if you have some familiarity with networking and telecommunications technologies. SLIDE TRANSITION: Now let’s look at the session agenda. ADDITIONAL INFORMATION FOR PRESENTER: Level 200

5 Agenda: Review; Remote access connections; Virtual private networks;
RADIUS and IAS KEY MESSAGE: Agenda SLIDE BUILDS: 0 SLIDE SCRIPT: Here is the agenda for this session. We’ll start with a review of the previous Webcast on DHCP. After this review, we’ll move on to the topics for this session. We’ll start with a brief overview of the remote access concepts, though this section will focus mainly on dial-up connections. Next, we’ll look at the newer, faster remote access model by talking about VPNs. Finally, when an enterprise environment has multiple remote access servers it helps to have a way to centrally manage the authentication. In the last part of this session, we’ll examine the Microsoft Windows Server 2003 implementation of RADIUS with IAS. SLIDE TRANSITION: Let’s start with the review of the DHCP Webcast. ADDITIONAL INFORMATION FOR PRESENTER:

6 DHCP Review: DHCP reduces the need to configure addresses manually; Set subnet- or location-specific configurations through scopes and options; Follow best practices and security precautions when deploying DHCP KEY MESSAGE: Review SLIDE BUILDS: 3 SLIDE SCRIPT: [BUILD1] During the previous session, we talked about how the Windows Server 2003 DHCP server improves your network flexibility by providing clients with automatic TCP/IP configuration. This allows you to manage the client’s configuration centrally rather than requiring a visit to each client for manual configuration. [BUILD2] We looked at scopes as a grouping of IP addresses for distribution to clients, superscopes as an administrative grouping of one or more DHCP scopes, and multicast scopes for enabling multicasting applications such as streaming audio or video. [BUILD3] We also covered some security precautions and best practices for a DHCP deployment. Remember that DHCP is an unsecured protocol so you must guard your network from unauthorized access and review DHCP logs on a regular basis. SLIDE TRANSITION: Let’s look at some review questions. ADDITIONAL INFORMATION FOR PRESENTER:

7 Poll: Which of the following correctly represents the...
1) IP lease discovery, IP discovery acknowledgement, IP lease request, IP lease offer; 2) IP lease discovery, IP lease offer, IP lease request, IP lease acknowledgement; 3) IP lease request, IP lease acknowledgement, IP lease discovery, IP lease offer

8 Review: Installing and authorizing DHCP
Which of the following correctly represents the communication process between the DHCP client and the DHCP server? 1) IP lease discovery, IP discovery acknowledgement, IP lease request, IP lease offer; 2) IP lease discovery, IP lease offer, IP lease request, IP lease acknowledgement; 3) IP lease request, IP lease acknowledgement, IP lease discovery, IP lease offer KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: Which of the following correctly represents the communication process between the DHCP client and DHCP server? The correct answer is 2. The DHCP IP address assignment process follows the four step process of discovery, offer, request, and acknowledgement. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

9 Poll: When working with a DHCP scope, you can...
1) DHCP address pool; 2) DHCP exclusion range; 3) DHCP options; 4) DHCP reservation

10 Review: Installing and authorizing DHCP
When working with a DHCP scope, you can change the configuration of all of the following except... 1) DHCP address pool; 2) DHCP exclusion range; 3) DHCP options; 4) DHCP reservation KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: When working with an existing DHCP scope, you can change the configuration of all the following except? The correct answer is 1, the DHCP address pool. After you create a DHCP scope, you will typically configure the scope’s exclusion range, options, and reservations. The console provides no method to change the address pool. If you need to change an address pool, you must delete the scope and then recreate it. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

11 Poll: Which of the following is not a DHCP Server, ...
1) IP address; 2) Router; 3) DNS server; 4) Time server

12 Review: Installing and authorizing DHCP
Which of the following is not a DHCP Server, Scope, or Reservation option? 1) IP address; 2) Router; 3) DNS server; 4) Time server KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: Which of the following is not a valid DHCP Server, Scope, or Reservation option? The correct answer is 1, IP address. Though the DHCP server’s main purpose is to configure the DHCP client with a valid IP address, the IP address is not considered a DHCP option within the DHCP management console. You can, however, configure DHCP options for a client’s Router, DNS server, and time server, among other things. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

13 Poll: At what level can you implement DHCP Options?
1) Server; 2) Scope; 3) Reservation; 4) All of the above

14 Review: Managing the DHCP server
At what level can you implement DHCP Options? 1) Server; 2) Scope; 3) Reservation; 4) All of the above KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: At what level can you implement DHCP Options? The correct answer is 4, all of the above. Through the DHCP management console, you can configure DHCP options on the server, scope and reservation levels. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

15 Poll: Assuming you have different DHCP options configured...
1) Server; 2) Scope; 3) Reservation; 4) All levels apply

16 Review: Managing the DHCP server
Assuming you have different DHCP options configured at the Server, Scope, and Reservation level, which DHCP option takes precedence? 1) Server; 2) Scope; 3) Reservation; 4) All levels apply KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: Assuming you have different DHCP options configured at the Server, Scope, and Reservation level, which DHCP option takes precedence? The correct answer is 3. Of the three levels at which we can configure DHCP options, the options set on an individual reservation will override the options set at the server and scope levels. If the DHCP option at the reservation level is not configured, the client will receive the scope option over the server option. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

17 Poll: To what does a multicast scope distribute IP addresses...
1) Client PCs; 2) Multicast groups; 3) Client groups; 4) Multicast applications

18 Review: Managing the DHCP server
To what does a multicast scope distribute IP addresses? 1) Client PCs; 2) Multicast groups; 3) Client groups; 4) Multicast applications KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: To what does a Multicast Scope distribute IP addresses? The correct answer is 4, multicast applications. When creating a Multicast Scope, you are creating a distribution range for use by multicasting applications, such as streaming audio or video. Each application must use a unique multicast address for its content to be received by the members of the multicast group. The multicast application manages the membership of the multicast group. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

19 Poll: What should you do to protect your network from attacks...
1) Protect your network from unauthorized access; 2) Keep DHCP server logging enabled; 3) Audit the DHCP server logs frequently; 4) All of the above

20 Review: Additional features and tools
What should you do to protect your network from attacks made through DHCP? 1) Protect your network from unauthorized access; 2) Keep DHCP server logging enabled; 3) Audit the DHCP server logs frequently; 4) All of the above KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: What should you do to protect your network from attacks made through DHCP? The correct answer is 4, all of the above. Protecting your network from unauthorized access, enabling DHCP server logging, and then auditing those logs are the best ways you can protect your network from attacks against the DHCP server, against the DNS server, or from distributing IP addresses from an unauthorized server. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

21 Poll: In the DHCP management console, at what level can you...
1) Server; 2) Scope; 3) Superscope; 4) All of the above

22 Review: Additional features and tools
In the DHCP management console, at what level can you access statistics? 1) Server; 2) Scope; 3) Superscope; 4) All of the above KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: In the DHCP management console, at what level can you access statistics? The correct answer is 4, all of the above. Though the server level statistics provide the most information, we can access statistics for an individual scope and superscope. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

23 Poll: Aside from the DHCP management console, what other...
1) ADNET DHCP; 2) NETSH DHCP; 3) NTDSUTIL DHCP; 4) WMI DHCP

24 Review: Additional features and tools
Aside from the DHCP management console, what other methods does Windows Server 2003 provide to manage your DHCP servers enterprise-wide? 1) ADNET DHCP; 2) NETSH DHCP; 3) NTDSUTIL DHCP; 4) WMI DHCP KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: Aside from the DHCP management console, what other method does Windows Server 2003 provide to manage your DHCP servers enterprise-wide? The correct answer is 2, NETSH DHCP. This command-line utility can be run in interactive mode, non-interactive mode, or through a script to manage most aspects of the DHCP server, as well as other network services. SLIDE TRANSITION: Now let’s return to the agenda. ADDITIONAL INFORMATION FOR PRESENTER:

25 Agenda: Review; Remote access connections; Virtual private networks;
RADIUS and IAS KEY MESSAGE: Agenda SLIDE BUILDS: 0 SLIDE SCRIPT: We’ll start with a discussion of Remote Access services and focus on dial-up connections. SLIDE TRANSITION: Let’s start by looking at common types of remote access. ADDITIONAL INFORMATION FOR PRESENTER:

26 Remote access connections: Types of remote access
KEY MESSAGE: Types of Remote Access SLIDE BUILDS: 5 SLIDE SCRIPT: [BUILD1] With a secure network architecture based on Windows Server 2003 in place, the first step in designing a remote access server solution is deciding whether to provide network access to remote clients by using dial-up networking, a VPN solution, or a combination of both. Each method for providing remote access has advantages and disadvantages that you must weigh based on the needs of your organization. [BUILD2] A dial-up networking solution provides a secure data path over a circuit-switched connection, and it provides the convenience of direct dial-up connectivity to your network for mobile users. [BUILD3] In contrast, a VPN solution, by using the Internet as a connection medium, saves the cost of long-distance phone service and hardware costs. To mitigate the public nature of the Internet, VPNs use a variety of security technologies, including tunneling, encryption, and authentication. [BUILD4] In a dial-up networking solution, remote users call in to a remote access server on your network. Dial-up lines are inherently more private than a solution that uses a public network such as the Internet. However, with dial-up networking, your organization faces a large initial investment and continuing expenses throughout the life cycle of the solution. These expenses include hardware purchase and installation, monthly phone costs, and ongoing support. [BUILD5] In a VPN solution for remote access, users connect to your corporate network over the Internet. VPNs use a combination of tunneling, authentication, and encryption technologies to create secure connections. To ensure the highest level of security for a VPN deployment, use Layer Two Tunneling Protocol with Internet Protocol security. Many organizations with extensive remote access requirements implement a VPN solution. VPNs reduce remote access expenses by using the existing Internet infrastructure. 
You can use a VPN to partially or entirely replace your centralized, in-house, dial-up remote access infrastructure and legacy services. VPNs offer two primary benefits by reducing costs and providing sufficient security. SLIDE TRANSITION: Let’s look at the infrastructure of the dial-up wide area network. ADDITIONAL INFORMATION FOR PRESENTER: [Diagram labels: Dial-up remote access server; P.O.T.S.; IP tunnel over the Internet; VPN server; Local area network]

27 Remote access connections: Dial-up WAN infrastructure
WAN infrastructure telecommunications technologies: Public Switched Telephone Network (PSTN); Integrated Services Digital Network (ISDN); X.25; Asynchronous Transfer Mode (ATM) KEY MESSAGE: Dial-up WAN Infrastructure SLIDE BUILDS: 6 SLIDE SCRIPT: [BUILD1] The physical or logical connection between the remote access server and the remote access client is facilitated by dial-up equipment installed at the remote access client, the remote access server, and the WAN infrastructure. The nature of the dial-up equipment and WAN infrastructure varies, depending on the type of connection. [BUILD2] PSTN, also known as Plain Old Telephone Service or POTS, is the most common network used for dial-up remote access. PSTN is the analog phone system designed to carry the minimum frequencies required to distinguish human voices. Dial-up equipment consists of an analog modem at the remote access client and at least one analog modem at the remote access server. For large organizations, the remote access server may be attached to a modem bank containing up to hundreds of modems. Because PSTN was not designed for data transmission, there are limits to the maximum bit rate of a PSTN connection. The maximum bit rate supported by PSTN connections is 33.6 kilobits per second. The maximum bit rate of PSTN depends on the range of frequencies being passed by PSTN switches and the signal-to-noise ratio of the connection. The modern-day analog phone system is only analog on the local loop, the set of wires that connect the customer to the central office PSTN switch. After the analog signal reaches the PSTN switch, it is converted to a digital signal. The analog-to-digital conversion introduces noise on the connection known as quantization noise.
[BUILD3] When a remote access server is connected to a CO by using a digital switch based on T-Carrier or ISDN rather than an analog PSTN switch, there is no analog-to-digital conversion when the remote access server sends information to the remote access client. Because there is no quantization noise in the path back to the remote access client, there is a higher signal-to-noise ratio and, therefore, a higher maximum bit rate. With this technology, called V.90, remote access clients can send data at 33.6 Kbps and receive data at 56 Kbps. [BUILD4] ISDN is a set of international specifications for a digital replacement of PSTN. ISDN provides a single digital network to handle voice, data, fax, and other services over existing local loop wiring. ISDN behaves like an analog phone line except that it is a digital technology with higher data rates and a much lower connection time. ISDN offers multiple channels, with each channel operating at 64 Kbps. Because the network is digital from end to end, there are no analog-to-digital conversions. Dial-up equipment consists of an ISDN adapter for the remote access client and the remote access server. Remote access clients typically use Basic Rate ISDN, or BRI, with two 64-Kbps channels; large organizations typically use Primary Rate ISDN, or PRI, with Kbps channels. [Diagram labels: Remote access server; Remote access client; T-Carrier or ISDN link; ISDN adapter; X.25 smart card; ATM adapter; V.90 modem; Modem; X.25; ISDN; PSTN; ADSL]

28 Remote access connections: Dial-up WAN infrastructure
WAN infrastructure telecommunications technologies: Public Switched Telephone Network (PSTN); Integrated Services Digital Network (ISDN); X.25; Asynchronous Transfer Mode (ATM) KEY MESSAGE: Dial-up WAN Infrastructure SLIDE BUILDS: 6 SLIDE SCRIPT: [BUILD5] X.25 is an international standard for sending data across public packet-switching networks. Windows Server 2003 remote access supports X.25 in two ways. First the remote access client supports the use of X.25 smart cards, which can connect directly to the X.25 data network and use the X.25 protocol to establish connections and send and receive data. The remote access client also supports dialing into a packet assembler and disassembler of an X.25 carrier using an analog modem. Secondly, a remote access server only supports direct connections to X.25 networks by using an X.25 smart card. X.25 smart cards are adapters that use the X.25 protocol and can directly connect to an X.25 public data network. X.25 smart cards are not related to smart cards used for authentication and secure communications. [BUILD6] ATM is a fixed-length, cell-based, packet-switching technology that transmits data across an ATM network. RRAS supports PPP connections over switched virtual circuit or permanent virtual circuit ATM connections. PPP connections over ATM require an ATM adapter with support for the physical connection to the ATM network. After it is installed, the ATM adapter appears as a dial-up device. ADSL is a local loop technology for small business and residential customers. Although ADSL provides higher bit rates than PSTN and ISDN connections, the bit rate is not the same in the upstream and downstream directions. Typical ADSL connections offer 64 Kbps from the customer and megabits per second to the customer. The asymmetric nature of the connection fits well with typical Internet use. Most Internet users receive a lot more information than they send.
ADSL equipment can appear to Windows Server 2003 as either an Ethernet interface or a dial-up interface. When an ADSL adapter appears as an Ethernet interface, the ADSL connection operates in the same way as an Ethernet connection to the Internet. When an ADSL adapter appears as a dial-up device, ADSL provides a physical connection and the individual LAN protocol packets are sent using ATM. An ATM adapter with an ADSL port is installed in both the remote access client and remote access server. SLIDE TRANSITION: We’ll see references to a number of components and protocols when working with remote access technologies. ADDITIONAL INFORMATION FOR PRESENTER: [Diagram labels: Remote access server; Remote access client; T-Carrier or ISDN link; ISDN adapter; X.25 smart card; ATM adapter; V.90 modem; Modem; X.25; ISDN; PSTN; ADSL]

29 Remote access connections: Protocols and components
Remote access protocols: Point-to-Point Protocol (PPP); Serial Line Internet Protocol (SLIP); Authentication versus authorization; Remote access policies KEY MESSAGE: Protocols and Components SLIDE BUILDS: 4 SLIDE SCRIPT: [BUILD1] Windows Server 2003 supports two remote access protocols, the Point-to-Point Protocol (PPP) and the Serial Line Internet Protocol (SLIP). PPP is an industry standard method of using point-to-point links to transport multi-protocol datagrams. A PPP-enabled connection can dial into remote networks through any industry-standard PPP server. PPP also permits a remote access server to receive calls from, and provide network access to, other vendors’ remote access software that complies with the PPP standards. SLIP is an older remote access standard typically used by UNIX remote access servers. Support for SLIP is included in the Windows remote access client to ensure interoperability with other remote access software. [BUILD2] To understand why connection attempts are either accepted or denied, it is important to understand the distinction between authentication and authorization. Authentication is the verification of the credentials of the connection attempt. This process consists of sending the credentials from the remote access client to the remote access server in either plain text or an encrypted form by using an authentication protocol. Authorization is the determination that the connection attempt is allowed. Authorization occurs after successful authentication. To be accepted, the remote access connection attempt must be both authenticated and authorized. It is possible for the connection attempt to be authenticated by using valid credentials, but not authorized. In this case, the connection attempt is denied.
If a remote access server is configured for Windows Authentication, the security features of Windows Server 2003 are used to verify the credentials for authentication, and the dial-in properties of the user account and locally stored remote access policies are used to authorize the connection. If the connection attempt is both authenticated and authorized, the connection attempt is accepted. [BUILD3] In Windows Server 2003, remote access connections are accepted based on the dial-in properties of a user account and remote access policies. A remote access policy is a set of conditions and connection parameters that define the characteristics of the incoming connection and the set of constraints imposed on it. Remote access policies can be used to specify allowed connections conditioned by the time of day and day of the week, the Windows Server 2003 group to which the dial-in user belongs, the type of remote access client, and so on. Remote access policies can be used to impose connection parameters such as maximum session time, idle disconnect time, required secure authentication methods, required encryption, and so on. SLIDE TRANSITION: What are the choices for authentication? ADDITIONAL INFORMATION FOR PRESENTER:
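The authentication and authorization split described in this slide, as an added example that is not part of the original webcast or of Windows Server 2003: a simplified Python model in which credentials are verified first and the first matching remote access policy then decides. The user, group, policy values and the `evaluate` function are constructed for illustration, and the "deny" dial-in property and first-match ordering are modelling assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted password hash used by this model's account store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass(frozen=True)
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    groups: frozenset
    dial_in: str = "policy"      # assumption: "policy" (defer to policies) or "deny"


@dataclass(frozen=True)
class Policy:
    name: str
    group: str                   # condition: group membership
    days: frozenset              # condition: weekdays, Monday = 0
    hours: range                 # condition: permitted hours of the day
    grant: bool                  # permission when the conditions match
    auth_methods: frozenset      # constraint: required authentication methods
    max_session_min: int         # constraint: maximum session time
    idle_disconnect_min: int     # constraint: idle disconnect time

    def conditions_match(self, user: User, when: datetime) -> bool:
        return (self.group in user.groups
                and when.weekday() in self.days
                and when.hour in self.hours)


@dataclass(frozen=True)
class Decision:
    authenticated: bool
    authorized: bool
    reason: str
    constraints: dict | None = None

    @property
    def accepted(self) -> bool:
        # A connection is accepted only when BOTH checks succeed.
        return self.authenticated and self.authorized


# Constructed sample data, not taken from the webcast.
_SALT = b"constructed-salt"
DIRECTORY = {
    "alice": User("alice", _SALT, hash_password("S3cret-sample", _SALT),
                  frozenset({"RAS-Users"})),
}
POLICIES = [
    Policy("Business-hours dial-in", "RAS-Users", frozenset(range(0, 5)),
           range(7, 19), True, frozenset({"MS-CHAP v2", "EAP"}), 480, 15),
]


def evaluate(name, password, method, when, directory=DIRECTORY, policies=POLICIES):
    """Step 1: authenticate the credentials. Step 2: authorize via policy."""
    user = directory.get(name)
    # Hash even for unknown users so both failure paths do the same work.
    candidate = hash_password(password, user.salt if user else b"\x00" * 16)
    if user is None or not hmac.compare_digest(candidate, user.pw_hash):
        return Decision(False, False, "authentication failed")
    if user.dial_in == "deny":
        return Decision(True, False, "dial-in permission denied on the account")
    for policy in policies:
        if not policy.conditions_match(user, when):
            continue
        if not policy.grant:
            return Decision(True, False, f"policy '{policy.name}' denies access")
        if method not in policy.auth_methods:
            return Decision(True, False,
                            f"policy '{policy.name}' requires another authentication method")
        return Decision(True, True, f"granted by policy '{policy.name}'",
                        {"max_session_min": policy.max_session_min,
                         "idle_disconnect_min": policy.idle_disconnect_min})
    return Decision(True, False, "no matching remote access policy")


if __name__ == "__main__":
    tuesday = datetime(2004, 3, 2, 10, 0)     # inside the permitted window
    saturday = datetime(2004, 3, 6, 10, 0)    # outside the permitted days
    for args in [("alice", "S3cret-sample", "MS-CHAP v2", tuesday),
                 ("alice", "S3cret-sample", "MS-CHAP v2", saturday),
                 ("alice", "S3cret-sample", "PAP", tuesday),
                 ("alice", "wrong", "MS-CHAP v2", tuesday)]:
        d = evaluate(*args)
        print(args[2], args[3].strftime("%a"), "->", d.accepted, "-", d.reason)
```

The Saturday and PAP cases are the "authenticated but not authorized" outcome from the script: the credentials are valid, yet the attempt is denied.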

30 Remote access connections: Authentication protocols
Secure user authentication: Challenge Handshake Authentication Protocol (CHAP); Shiva Password Authentication Protocol (SPAP); Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP); Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2); Extensible Authentication Protocol (EAP) KEY MESSAGE: Authentication Protocols SLIDE BUILDS: 1 SLIDE SCRIPT: [BUILD1] Secure user authentication is obtained through the encrypted exchange of user credentials. This is possible with the PPP remote access protocol using one of the listed authentication protocols. MS-CHAP, MS-CHAP v2, and EAP offer the most security. The remote access server can be configured to require a secure authentication method, wherein if the remote access client cannot perform the required secure authentication, the connection is denied. A secure authentication scheme provides protection against replay attacks, remote access client impersonation, and remote access server impersonation. A replay attack occurs when a person captures the packets of a successful connection attempt and then replays those packets in an attempt to obtain an authenticated connection. Remote access client impersonation occurs when a person takes over an existing authenticated connection. The intruder waits until the connection is authenticated and then obtains the connection parameters, disconnects the user, and takes control of the authenticated connection. Remote server impersonation occurs when a computer appears as the remote access server to the remote access client. The impersonator appears to verify the remote access client credentials and then captures all of the traffic from the remote access client. SLIDE TRANSITION: Let’s go to the first demonstration for this session. ADDITIONAL INFORMATION FOR PRESENTER:
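Why a challenge-response exchange resists the replay attack described above, as an added example that is not part of the original webcast: the response is computed as in CHAP (RFC 1994, MD5 over identifier, secret and challenge) and contrasted with a scheme that always sends the same hash. The server classes, user name and secret are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Hypothetical authenticator: one fresh random challenge per connection attempt."""

    def __init__(self, secrets: dict[str, bytes]):
        self._secrets = secrets                 # user -> shared secret
        self._pending: dict[int, bytes] = {}    # identifier -> outstanding challenge
        self._next_id = 0

    def new_challenge(self) -> tuple[int, bytes]:
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        # pop() makes each challenge single-use: an old response has nothing to match.
        challenge = self._pending.pop(identifier, None)
        secret = self._secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class StaticHashServer:
    """Weak contrast case: the client sends the same MD5(secret) on every attempt."""

    def __init__(self, secrets: dict[str, bytes]):
        self._secrets = secrets

    def verify(self, user: str, token: bytes) -> bool:
        secret = self._secrets.get(user)
        return secret is not None and hmac.compare_digest(
            hashlib.md5(secret).digest(), token)


def replay_demo() -> dict[str, bool]:
    """Run one legitimate login and two replays against each scheme."""
    secrets = {"alice": b"constructed-sample-secret"}

    chap = ChapServer(secrets)
    ident, challenge = chap.new_challenge()
    # The value below is what a passive observer of the link would record.
    captured = chap_response(ident, secrets["alice"], challenge)
    results = {"chap_legitimate": chap.verify("alice", ident, captured)}
    # Replay 1: same identifier, but the challenge has already been consumed.
    results["chap_replay_same_id"] = chap.verify("alice", ident, captured)
    # Replay 2: a new attempt gets a new challenge, so the old response is wrong.
    new_ident, _ = chap.new_challenge()
    results["chap_replay_new_challenge"] = chap.verify("alice", new_ident, captured)

    static = StaticHashServer(secrets)
    token = hashlib.md5(secrets["alice"]).digest()
    results["static_legitimate"] = static.verify("alice", token)
    # The recorded token is valid forever because nothing in it is fresh.
    results["static_replay"] = static.verify("alice", token)
    return results


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```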

31 demo Remote access connections: Creating a dial-up server
Exploring the dial-up server; Creating a dial-up connection; User option settings KEY MESSAGE: Demonstration: Remote Access Connections SLIDE BUILDS: 0 SLIDE SCRIPT: SLIDE TRANSITION: Now let’s review what we covered in this section. ADDITIONAL INFORMATION FOR PRESENTER:

32 Poll: On the Windows Server 2003 Remote Access Server, ...
1) Active Directory Users and Computers MMC; 2) Remote Access Policies; 3) Internet Authorization Service MMC; 4) Dial-in Access Policies

33 Remote access connections: Review
On the Windows Server 2003 Remote Access Server, where can you configure dial-in permissions for groups of users? 1) Active Directory Users and Computers MMC; 2) Remote Access Policies; 3) Internet Authorization Service MMC; 4) Dial-in Access Policies KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: On the Windows Server 2003 Remote Access Server, where do you configure dial-in permissions for groups of users? The correct answer is 2, Remote Access Policies. Within the Remote Access Policies container of either the Routing and Remote Access Service or the Internet Authentication Service management consoles, you can create policies to allow or deny remote access permissions to the network. The AD Users and Computers console provides options for user-specific remote access settings but does not assign permissions. As we’ll see in the last section of this session, it’s the Internet Authentication Service, not the Internet Authorization Service. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

34 Poll: Of the following dial-up infrastructure technologies, ...
1) ISDN; 2) X.25; 3) ATM; 4) PSTN

35 Remote access connections: Review
Of the following dial-up infrastructure technologies, which provides the slowest overall transmission rates? 1) ISDN; 2) X.25; 3) ATM; 4) PSTN KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: Of the following dial-up infrastructure technologies, which provides the slowest overall transmission rates? The correct answer is 4, PSTN. The Public Switched Telephone Network uses the traditional telephone system infrastructure to transmit data. Due to its technological limitations, the PSTN system limits transmission speeds to about 34kbps upstream and downstream. The other technologies use the same infrastructure but use it in different ways to increase the bandwidth, such as using digital signals rather than analog. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

36 Poll: Which of the following Remote Access Protocols...
1) Point-to-Point Protocol; 2) Transmission Control Protocol; 3) Serial Line Internet Protocol; 4) Both 1 and 3

37 Remote access connections: Review
Which of the following Remote Access Protocols is supported by Windows Server 2003? 1) Point-to-Point Protocol; 2) Transmission Control Protocol; 3) Serial Line Internet Protocol; 4) Both 1 and 3 KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: Which of the following Remote Access Protocols does Windows Server 2003 support? The correct answer is 4. Windows Server 2003 supports both PPP and SLIP remote access protocols. TCP/IP is not considered a remote access protocol. SLIDE TRANSITION: Now let’s return to the agenda. ADDITIONAL INFORMATION FOR PRESENTER:

38 Agenda: Review; Remote Access Connections; Virtual Private Networks; RADIUS and IAS
KEY MESSAGE: Agenda SLIDE BUILDS: 0 SLIDE SCRIPT: Now we’ll look at how to provide remote clients with faster access to the network by using Virtual Private Networks. SLIDE TRANSITION: What is a virtual private network? ADDITIONAL INFORMATION FOR PRESENTER:

39 Virtual Private Networks: What Is VPN?
[Diagram labels: basic VPN scenario; London office; Seattle office; dedicated WAN link; logical equivalent] KEY MESSAGE: What is VPN? SLIDE BUILDS: 2 SLIDE SCRIPT: [BUILD1] The VPN technology included in Windows Server 2003 helps enable cost-effective, secure remote access to private networks. VPN allows you to take advantage of the Internet to help provide the functionality and security of private WAN connections at a lower cost. VPN connections use either Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol/Internet Protocol security (L2TP/IPSec) over an intermediate network, such as the Internet. By using the Internet as a connection medium, VPN saves the cost of long-distance phone service and hardware costs associated with using dial-up or leased line connections. A VPN solution includes advanced security technologies such as data encryption, authentication, authorization, and Network Access Quarantine Control. [BUILD2] Site-to-site VPN connections or routed VPN connections enable organizations to have routed connections between separate offices or with other organizations over a public network while helping to maintain secure communications. A routed VPN connection across the Internet logically operates as a dedicated WAN link. When networks are connected over the Internet, a router forwards packets to another router across a VPN connection. To the routers, the VPN connection operates as a data-link layer link. SLIDE TRANSITION: How does the VPN connection transmit this data? ADDITIONAL INFORMATION FOR PRESENTER:

40 Virtual Private Networks: How Tunneling Works
[Diagram labels: London client; VPN server; Internet; firewall; VPN server; New York server; data packet (encrypted); tunneling protocol header; tunneling protocol trailer] VPN tunneling protocols: Point-to-Point Tunneling Protocol (PPTP); Layer Two Tunneling Protocol (L2TP); L2TP/Internet Protocol security (L2TP/IPSec) KEY MESSAGE: How Tunneling Works SLIDE BUILDS: 9 SLIDE SCRIPT: [BUILD1] Tunneling is a method of using a network infrastructure to transfer data for one network over another network. The data or payload to be transferred can be the frames or packets of another networking protocol, such as TCP/IP. [BUILD2] Instead of sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate network. [BUILD3] Tunneling enables the encapsulation of a packet from one type of protocol within the datagram of a different protocol. For example, VPN uses PPTP to encapsulate IP packets over a public network such as the Internet. The original IP packets are encrypted and cannot be decrypted without the key that the receiving VPN server holds. The tunneling protocol attaches header and trailer packets to facilitate the VPN routing through the Internet. [BUILD4] The encapsulated packets are then routed between tunnel endpoints over the network. The logical path through which the encapsulated packets travel through the network is called a tunnel. [BUILD5] After the encapsulated frames reach their destination on the network, the frame is de-encapsulated (the header is removed) and the payload is forwarded to its final destination. Tunneling includes this entire process: encapsulation, transmission, and de-encapsulation of packets. [BUILD6] Windows Server 2003 supports two VPN tunneling protocols, PPTP and L2TP. Both depend heavily on the features originally specified for PPP. PPP was designed to send data across dial-up or dedicated point-to-point connections. For IP, PPP encapsulates IP packets within PPP frames and then transmits the encapsulated PPP packets across a point-to-point link.
PPP was originally defined as the protocol to use between a dial-up client and a network access server.

41 Virtual Private Networks: How Tunneling Works
[Diagram labels: London client; VPN server; Internet; firewall; VPN server; New York server; data packet (encrypted); tunneling protocol header; tunneling protocol trailer] VPN tunneling protocols: Point-to-Point Tunneling Protocol (PPTP); Layer Two Tunneling Protocol (L2TP); L2TP/Internet Protocol security (L2TP/IPSec) KEY MESSAGE: How Tunneling Works SLIDE BUILDS: 9 SLIDE SCRIPT: [BUILD7] PPTP allows multi-protocol traffic to be encrypted and then encapsulated in an IP header to be sent across an organization’s IP network or a public IP network such as the Internet. PPTP encapsulates PPP frames in IP datagrams for transmission over the network. PPTP can be used for remote access and site-to-site VPN connections. PPTP uses a TCP connection for tunnel management and a modified version of Generic Routing Encapsulation to encapsulate PPP frames for tunneled data. The payloads of the encapsulated PPP frames can be encrypted, compressed, or both. [BUILD8] L2TP allows multi-protocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP, X.25, frame relay, or ATM. L2TP is a combination of PPTP and Layer 2 Forwarding. L2TP represents the best features of PPTP and L2F. L2TP encapsulates PPP frames to be sent over IP, X.25, frame relay, or ATM networks. When configured to use IP as its datagram transport, L2TP can be used as a tunneling protocol over the Internet. L2TP over IP networks uses UDP and a series of L2TP messages for tunnel management. L2TP also uses UDP to send L2TP-encapsulated PPP frames as tunneled data. The payloads of encapsulated PPP frames can be encrypted, compressed, or both. [BUILD9] In the Microsoft implementation of L2TP, IPSec Encapsulating Security Payload in transport mode is used to encrypt L2TP traffic. The combination of L2TP as the tunneling protocol and IPSec as the method of encryption is known as L2TP/IPSec. SLIDE TRANSITION: Next let’s look at how to plan the network layout.
ADDITIONAL INFORMATION FOR PRESENTER:

42 Virtual Private Networks: Architectural Planning
[Diagram labels: London client; Internet; firewall; VPN server; firewall; intranet] KEY MESSAGE: Architectural Planning SLIDE BUILDS: 3 SLIDE SCRIPT: [BUILD1] In deciding where to place remote access servers on your network, consider firewall placement and the placement of other network resources. Place remote access servers close to the network resources that remote access clients need. These resources might include a certificate authority, a RADIUS server, a domain controller, or file and application servers. Because a VPN design involves Internet connectivity, server placement relative to the firewall is a greater issue. [BUILD2] The most common configuration for a VPN remote access design is to locate the VPN server behind a firewall. In this configuration, the firewall is connected to the Internet, and the VPN server is an intranet resource that is connected to the perimeter network. The VPN server has an interface on both the perimeter network and the intranet. The Internet firewall filters all traffic from Internet clients. The intranet firewall, the firewall between the VPN server and the intranet, filters intranet traffic from VPN clients. Placing a VPN server behind the firewall requires two main considerations. First, you must configure the Internet interface on the firewall with inbound and outbound filters that allow traffic to the VPN server. You can specify additional filters to allow traffic to the Web servers, FTP servers, and other types of servers on the perimeter network. Second, for an added layer of security, configure the perimeter network interface on the VPN server with PPTP or L2TP/IPSec packet filters. [BUILD3] Another option is to place the VPN server in front of the firewall, directly connected to the Internet. For inbound traffic, the VPN server decrypts the tunneled data and forwards it to the firewall.
The firewall acts as a filter for intranet traffic, and it can prevent access to specific resources, scan data for viruses, perform intrusion detection, and carry out other functions. To place a VPN server in front of the firewall, you must configure inbound and outbound filters on the VPN server to allow only VPN traffic to and from the IP address of the VPN server's Internet interface. SLIDE TRANSITION: Let’s look at the security of the VPN connection. ADDITIONAL INFORMATION FOR PRESENTER:

43 Virtual Private Networks: Additional Considerations
NAT requirements for VPN protocols: using NAT with PPTP connections; using NAT with L2TP connections. Selecting an authentication protocol: use MS-CHAP v2 or EAP-TLS. Selecting the scope and level of encryption: always encrypt transmissions across the Internet. Protection provided by link encryption: VPN encryption protects dial-up connections. KEY MESSAGE: Additional Considerations SLIDE BUILDS: 6 SLIDE SCRIPT: [BUILD1] If you are using network address translation, or NAT, with your VPN server solution, your security plan for remote access must include the required setup for placing VPN clients behind a NAT. The VPN protocol that you deploy affects the NAT requirements. NAT translates the IP addresses and TCP/UDP port numbers of packets that are forwarded between a private network and the Internet. The NAT on the private network can provide IP address configuration information to the other computers on the private network. The NAT can act as a simplified DHCP server that allocates an IP address, a subnet mask, a default gateway, and the IP address of a DNS server. The NAT can become the DNS proxy for the computers on the private network. When the NAT receives name resolution requests from a computer on the private network, it forwards the request to a specified Internet-based DNS server and returns a response to the requesting computer on the private network. [BUILD2] If a VPN client that uses a PPTP connection is behind a NAT, the NAT must include a NAT editor that can translate PPTP traffic. The NAT editor is required because PPTP tunneled data has a Generic Routing Encapsulation header rather than a TCP header or a UDP header. The NAT editor uses the Call ID field in the GRE header to identify the PPTP data stream and translate IP addresses and call IDs for PPTP data packets that are forwarded between a private network and the Internet.
The NAT/Basic Firewall routing protocol component of the Routing and Remote Access service includes a NAT editor for PPTP traffic. [BUILD3] IPSec NAT Traversal enables IPSec peers to communicate when behind a NAT. IPSec NAT-T provides UDP encapsulation of IPSec packets to enable Internet Key Exchange and Encapsulating Security Payload-protected traffic to pass through a NAT. Internet Key Exchange automatically detects that a NAT is present and uses User Datagram Protocol - Encapsulating Security Payload encapsulation to enable ESP-protected IPSec traffic to pass through the NAT. To use NAT-T, both the remote access VPN client and the remote access server must support IPSec NAT-T. IPSec NAT-T is supported by Windows Server 2003 and Microsoft L2TP/IPSec VPN Client.
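The Call ID handling described in BUILD2, as an added example that is not part of the original webcast and is not Microsoft's NAT editor: a parser for the PPTP enhanced GRE header (layout per RFC 2637) and a simplified Call ID table that lets a NAT tell apart two private clients that chose the same Call ID. The class name, function names, addresses and packet bytes are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

GRE_PROTO_PPP = 0x880B  # protocol type carried by PPTP's enhanced GRE (RFC 2637)


@dataclass
class PptpGre:
    call_id: int
    seq: Optional[int]
    ack: Optional[int]
    payload: bytes


def build_pptp_gre(call_id, payload=b"", seq=None, ack=None):
    """Build an enhanced GRE packet; used here only to make sample input."""
    flags0 = 0x20 | (0x10 if seq is not None else 0)  # K always set, S if seq
    flags1 = (0x80 if ack is not None else 0) | 0x01   # A if ack, version 1
    out = struct.pack("!BBHHH", flags0, flags1, GRE_PROTO_PPP,
                      len(payload), call_id)
    if seq is not None:
        out += struct.pack("!I", seq)
    if ack is not None:
        out += struct.pack("!I", ack)
    return out + payload


def _read_u32(data, offset):
    if len(data) < offset + 4:
        raise ValueError("truncated optional field")
    return struct.unpack_from("!I", data, offset)[0]


def parse_pptp_gre(data):
    """Parse the bytes that follow the IP header of a protocol-47 packet."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    flags0, flags1, proto, payload_len, call_id = struct.unpack(
        "!BBHHH", data[:8])
    # Version must be 1, the Key bit must be set, and there are no port
    # fields anywhere: this is why a port-based NAT cannot map the stream.
    if (flags1 & 0x07) != 1 or proto != GRE_PROTO_PPP or not (flags0 & 0x20):
        raise ValueError("not a PPTP enhanced GRE packet")
    offset, seq, ack = 8, None, None
    if flags0 & 0x10:          # S bit: sequence number present
        seq = _read_u32(data, offset)
        offset += 4
    if flags1 & 0x80:          # A bit: acknowledgment number present
        ack = _read_u32(data, offset)
        offset += 4
    payload = data[offset:offset + payload_len]
    if len(payload) != payload_len:
        raise ValueError("payload shorter than the header claims")
    return PptpGre(call_id, seq, ack, payload)


class PptpNatEditor:
    """Simplified model: each private call gets a unique public Call ID."""

    def __init__(self):
        self._next_public = 1
        self._to_private = {}  # public Call ID -> (private IP, private Call ID)
        self._to_public = {}   # (private IP, private Call ID) -> public Call ID

    def map_call(self, private_ip, private_call_id):
        key = (private_ip, private_call_id)
        if key not in self._to_public:
            if self._next_public > 0xFFFF:
                raise RuntimeError("Call ID space exhausted")
            self._to_public[key] = self._next_public
            self._to_private[self._next_public] = key
            self._next_public += 1
        return self._to_public[key]

    def translate_inbound(self, gre_bytes):
        """Return (private IP, rewritten packet), or None to drop the packet."""
        try:
            header = parse_pptp_gre(gre_bytes)
        except ValueError:
            return None
        mapping = self._to_private.get(header.call_id)
        if mapping is None:
            return None        # no call registered for this Call ID
        private_ip, private_call_id = mapping
        rewritten = (gre_bytes[:6] + struct.pack("!H", private_call_id)
                     + gre_bytes[8:])
        return private_ip, rewritten


def demo():
    nat = PptpNatEditor()
    # Constructed sample: two private hosts both picked Call ID 0x0001.
    id_a = nat.map_call("192.168.0.10", 0x0001)
    id_b = nat.map_call("192.168.0.11", 0x0001)
    inbound = build_pptp_gre(id_b, b"\xff\x03\x00\x21demo", seq=7, ack=3)
    return id_a, id_b, nat.translate_inbound(inbound)
```

A real NAT editor also rewrites the Call IDs inside the PPTP control connection on TCP; this sketch covers only the GRE data path.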

44 Virtual Private Networks: Additional Considerations
NAT requirements for VPN protocols: using NAT with PPTP connections; using NAT with L2TP connections. Selecting an authentication protocol: use MS-CHAP v2 or EAP-TLS. Selecting the scope and level of encryption: always encrypt transmissions across the Internet. Protection provided by link encryption: VPN encryption protects dial-up connections. KEY MESSAGE: Additional Considerations SLIDE BUILDS: 6 SLIDE SCRIPT: [BUILD4] Because L2TP/IPSec user authentication occurs after the VPN client and the VPN server have established a secure channel of communication, your choice of authentication protocol has no effect on VPN security if you use L2TP/IPSec. However, the use of MS-CHAP v2 and EAP-TLS is recommended. To use encryption on a PPTP connection, you must use MS-CHAP, MS-CHAP v2, or EAP-TLS. [BUILD5] On a VPN, you protect your data by encrypting it between the VPN client and the VPN server. Always use data encryption for VPN connections when private data is sent across a public network, which always presents a risk of interception. For VPN connections, Windows Server 2003 uses MPPE for PPTP connections and IPSec encryption for L2TP connections. Note that non-encrypted PPTP connections, over which the PPP frame is sent in plaintext, and non-encrypted non-IPSec-based L2TP connections, over which the PPP frame is sent in plaintext, are not secure, and they are not recommended for VPN connections over the Internet. To ensure successful encryption and decryption, the sender and the receiver must use a common encryption key. The length of the encryption key is an important security parameter, especially over public networks. To ensure the highest level of encryption, use the largest key size. [BUILD6] In link encryption, data is encrypted only on the link between the VPN client and the VPN server. A VPN connection has link encryption, regardless of the VPN protocol in use.
PPTP connections use MPPE with MS-CHAP, MS-CHAP v2, or EAP-TLS authentication. For L2TP/IPSec connections, IPSec provides encryption on the link between the VPN client and the VPN server. When data encryption is performed between the VPN client and the VPN server, you do not need to encrypt the data on the communication link between a dial-up client and its ISP. For example, a mobile user might use a dial-up networking connection to dial in to a local ISP. After the Internet connection is made, the user creates a VPN connection with the enterprise VPN server. Because the VPN connection is encrypted, no encryption is needed on the dial-up networking connection between the user and the ISP. SLIDE TRANSITION: Next we’ll go to the second demonstration. ADDITIONAL INFORMATION FOR PRESENTER:

45 Demo: Virtual Private Networks
Add VPN access through a remote access policy; create a client VPN connection; explore the VPN connection properties; establish a VPN connection. KEY MESSAGE: Demonstration: Virtual Private Networks SLIDE BUILDS: 0 SLIDE SCRIPT: SLIDE TRANSITION: Now let’s review what we covered in this section. ADDITIONAL INFORMATION FOR PRESENTER:

46 Poll: Which authentication protocols provide...
1) MS-CHAP v1 2) MS-CHAP v2 3) EAP-TLS 4) All of the above

47 Virtual Private Networks: Review
Which authentication protocols provide data encryption? 1) MS-CHAP v1 2) MS-CHAP v2 3) EAP-TLS 4) All of the above KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: Which authentication protocols provide data encryption? The correct answer is 4, all of the above. Each of the VPN authentication protocols provides for data encryption. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

48 Poll: To enable VPN access for an existing Remote Access Policy ...
1) NAS-Port-Type 2) Service-Type 3) Tunnel-Type 4) Authentication-Type

49 Virtual Private Networks: Review
To enable VPN access for an existing Remote Access Policy, to which policy condition do you add the Virtual (VPN) attribute? 1) NAS-Port-Type 2) Service-Type 3) Tunnel-Type 4) Authentication-Type KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: To enable VPN access to an existing Remote Access Policy, to which policy condition do you add the Virtual (VPN) attribute? The correct answer is 1, NAS-Port-Type. This attribute determines the type of physical port that is used, such as cable, ethernet, ISDN, wireless, or virtual. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

50 Poll: After configuring Routing and Remote Access on...
1) PPTP 2) PPPOE 3) L2TP 4) All of the above

51 Virtual Private Networks: Review
After configuring Routing and Remote Access on Windows Server 2003, what types of WAN Miniports are available by default? 1) PPTP 2) PPPOE 3) L2TP 4) All of the above KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: After configuring Routing and Remote Access on a Windows Server 2003 server, what types of WAN Miniports are available by default? The correct answer is 4, all of the above. After configuring Routing and Remote Access, you will see five PPTP ports, five L2TP ports, and one PPPOE port when accessing the Ports container in the management console. SLIDE TRANSITION: Now let’s return to the agenda. ADDITIONAL INFORMATION FOR PRESENTER:

52 Agenda: Review; Remote Access Connections; Virtual Private Networks; RADIUS and IAS
KEY MESSAGE: Agenda SLIDE BUILDS: 0 SLIDE SCRIPT: In the last section of this Webcast, we’ll look at how to use the Internet Authentication Service and RADIUS to centrally manage the remote access infrastructure. SLIDE TRANSITION: Let’s start with the basics. ADDITIONAL INFORMATION FOR PRESENTER:

53 RADIUS and IAS: Overview of IAS
Implements RADIUS. Simplifies administration: centralizes authentication; centralizes authorization; centralizes auditing; centralizes accounting. Integrated with Active Directory. IAS as a RADIUS proxy. Network Access Quarantine Control. KEY MESSAGE: Overview of IAS SLIDE BUILDS: 5 SLIDE SCRIPT: [BUILD1] On Windows Server 2003, IAS implements the IETF standard Remote Authentication Dial-in User Service, or RADIUS, protocol, which enables the use of a homogeneous or heterogeneous network of dial-up, VPN, wireless, or authenticating switch equipment. When a remote client tries to connect to an access server configured to use the RADIUS protocol, the access server sends the connection request to the IAS server by using the RADIUS protocol. With RADIUS proxy support, you can use IAS as a RADIUS message router or forwarder between access servers and other IAS servers. Based on attributes in the incoming RADIUS message, the RADIUS proxy forwards the message to a specific RADIUS server or client. [BUILD2] Windows Server 2003 IAS enables you to centralize authorization, authentication, and accounting for remote access clients, enhancing the security of your network. Windows Server 2003 IAS works with other standards-based implementations of the RADIUS protocol, so that you can use it with any standards-compliant RADIUS client, server, or proxy server. [BUILD3] IAS allows you to take advantage of Active Directory for user authentication, authorization, and client configuration, thus reducing management costs. [BUILD4] The proxy component of IAS supports the ability to separate the authentication and authorization of connection requests from access servers. The IAS proxy can forward password-based user credentials to an external RADIUS server for authentication, and perform authorization against a user account in an Active Directory domain and a locally configured remote access policy.
Alternate user authentication databases can be used, but connection authorization and restrictions are still determined through local administration. [BUILD5] IAS Network Access Quarantine Control provides phased network access, which restricts the access of remote clients to quarantine mode until each client is either verified as meeting or configured according to organization network access policy. After the client computer configuration is verified as meeting organization network policy, the quarantine restrictions, which consist of Quarantine IP-Filters and Session Timers, are removed and standard remote access policy is applied to the connection. SLIDE TRANSITION: Let’s look at the various roles of an IAS server. ADDITIONAL INFORMATION FOR PRESENTER:

54 RADIUS and IAS: IAS Server Roles
[Diagram labels: Internet service provider; access client; access server; access servers; IAS as a RADIUS server; IAS as a RADIUS proxy; IAS as a RADIUS proxy and a RADIUS server; Contoso.com; Fabrikam.com] KEY MESSAGE: IAS Server Roles SLIDE BUILDS: 5 SLIDE SCRIPT: [BUILD1] You can configure your IAS server to act as a RADIUS server, a RADIUS proxy, or both, depending on where you want network access requests to be authenticated. If you want your IAS server to authenticate the connection requests that it receives, rather than forwarding connection requests to another IAS server, use the IAS server as a RADIUS server. For example, if your access servers connect directly to your network, then the IAS server is configured as a RADIUS server to authenticate the connection. An access client connects to an access server. The access server sends a connection request to an IAS RADIUS server located on the corporate network, which authenticates and authorizes the connection attempt. [BUILD2] If you want an IAS server to forward connection requests to another IAS server, use IAS as a RADIUS proxy, which may take one of many forms. Here we see an ISP providing outsourced network connection services to multiple customers. The ISP’s network access servers send connection requests to the IAS RADIUS proxy. Based on the realm portion of the user name in the connection request, the IAS RADIUS proxy forwards the connection request to a RADIUS server maintained by our local IAS Server that can authenticate and authorize the connection attempt.
[BUILD3] In this next example, we have multiple forests and want to perform cross-forest authentication with Extensible Authentication Protocol - Transport Layer Security, or EAP-TLS. Rather than configuring the access servers to send their connection requests to an IAS RADIUS server, we’ll configure them to send their connection requests to an IAS RADIUS proxy. The IAS RADIUS proxy uses the domain name portion of the user name and forwards the request to the IAS server in the appropriate forest. [BUILD4] Here we have an example of using the IAS as a RADIUS proxy to increase the capacity for connection requests. In this case, rather than configure the access servers to attempt to load balance across multiple RADIUS servers, we configure them to send their connection requests to an IAS RADIUS proxy. The IAS RADIUS proxy can load balance across multiple RADIUS servers and scale up to large numbers of RADIUS clients and authentications per second. In this example, the remote client connects to an access server, which is the RADIUS client. The access server sends the authentication request to the RADIUS proxy, which load balances the request across multiple IAS servers. [BUILD5] In this last example, we’ll use the IAS server as both a RADIUS proxy and a RADIUS server. Here we need the IAS server to authenticate some requests, but to forward other requests. For example, if we’re performing cross-forest authentication, we’ll use the IAS server as a RADIUS server to authenticate users in the same forest, and use it as a RADIUS proxy to forward authentication requests to another IAS server for users in another forest. The remote client connects to an IAS server configured as both a RADIUS server and a RADIUS proxy. Based on the realm portion of the access client user name, the IAS server determines whether to authenticate the request directly or forward the authentication request on to another IAS server in a different forest.
SLIDE TRANSITION: How do you integrate IAS with a Certificate infrastructure? ADDITIONAL INFORMATION FOR PRESENTER:

55 RADIUS and IAS: Certificate Infrastructure Integration
[Diagram labels: root certificate server; certificate server; RAS / IAS; client; trust paths] Authentication protocols: EAP-TLS; PEAP-EAP-MS-CHAPv2 KEY MESSAGE: Certificate Infrastructure Integration SLIDE BUILDS: 3 SLIDE SCRIPT: [BUILD1] Whether you need a certificate infrastructure for IAS depends on what authentication protocol you use. If you are using either EAP-TLS or CHAPv2, you need a certificate infrastructure for your clients. Otherwise, you do not. [BUILD2] The certificate infrastructure consists of three general components: one or more certificate servers, an IAS server with a certificate, and clients with certificates. [BUILD3] When using PEAP-EAP-MS-CHAPv2 or EAP-TLS, you must install a computer certificate on your IAS servers. The certificate must be issued from a Certificate Authority that can follow a certificate chain to a root CA that is trusted by the access clients. Likewise, the IAS server must trust the root CA of the Certificate Server that issued the user or computer certificate to the access client. You can install multiple computer certificates on the IAS servers and configure separate remote access policies to use different computer certificates. However, you can select only a single certificate for all remote access policies that specify authentication by using EAP-TLS. The server certificate must also contain the Server Authentication purpose in Enhanced Key Usage extensions, and meet other certificate requirements for PEAP and EAP authentication. To install a certificate on the IAS server, you can use Group Policy and auto-enrollment, the CA Web enrollment tool provided with Certificate Services for Windows Server 2003, or you can request a certificate by using the Certificates snap-in. SLIDE TRANSITION: Aside from using certificates, let’s look at some other security best practices. ADDITIONAL INFORMATION FOR PRESENTER:

56 RADIUS and IAS: Security Best Practices
Use strong shared secrets: use random alphanumeric values. Use the Message-Authenticator attribute: when using PAP, CHAP, MS-CHAP, MS-CHAPv2. Firewall configuration: both Internet and intranet firewalls. Enable remote access account lockout: set the dial-up lockout lower than the domain-level lockout. KEY MESSAGE: Security Best Practices SLIDE BUILDS: 5 SLIDE SCRIPT: [BUILD1] It is important to secure your IAS server. Regardless of whether you configure your IAS server as a RADIUS server or a RADIUS proxy, you must apply a number of basic security precautions. RADIUS supports a simple password called a secret. Configure strong shared secrets to prevent dictionary attacks, and change them frequently. RADIUS secrets are combined with a 16-byte random number and then passed through a one-way Message Digest 5 hash to create a 16-byte encryption value. The 16-byte encryption value is stored with the password entered by the remote access user. Include RADIUS secrets in your remote access design when you are mutually authenticating RADIUS computers and you encrypt the remote user password. It is best to specify RADIUS secrets that are at least 16 characters in length and that include uppercase letters, lowercase letters, numbers, and punctuation. [BUILD2] Use the Message-Authenticator attribute, also known as a digital signature or the signature attribute, for connection requests that use the PAP, CHAP, MS-CHAP, and MS-CHAPv2 authentication protocols. This attribute ensures that an incoming RADIUS Access-Request message was sent from a RADIUS client configured with the correct shared secret. You must enable the use of the Message-Authenticator attribute on both the IAS server, as part of the configuration of the RADIUS client, and the RADIUS client, the network access server or RADIUS proxy. Ensure that the RADIUS client supports the Message-Authenticator attribute before you enable the attribute.
The Message-Authenticator attribute is always used with EAP, regardless of whether it is enabled on the IAS server and access server. [BUILD3] In the most common configuration, the Internet firewall is situated on the perimeter network between the secure network and the Internet. The perimeter network is an IP network segment that contains resources such as Web and VPN servers that are available to Internet users. In this configuration, the IAS server is an intranet resource that is connected to the perimeter network. If the IAS server is on a perimeter network, configure your Internet firewall to allow RADIUS messages to pass between the IAS server and RADIUS clients on the Internet. You might need to configure an additional firewall that is placed between your perimeter network and your intranet, which allows traffic to flow between the IAS server on the perimeter network and domain controllers on the intranet. [BUILD4] Finally, enable remote access account lockout to protect against online dictionary attacks. Remote access account lockout disables network access for user accounts after a configured number of failed connection attempts has been reached. Remote access account lockout can also be used to prevent a malicious user from intentionally locking out a domain account by attempting to make multiple dial-up or VPN connections with the wrong password. You can set the number of failed attempts for remote access account lockout to a number that is lower than the number of logon retries for domain account lockout. By doing this, remote access account lockout occurs before domain account lockout, which prevents the domain account from being intentionally locked out. SLIDE TRANSITION: Next we’ll go to our last demonstration. ADDITIONAL INFORMATION FOR PRESENTER:
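The shared-secret mechanics from BUILD1 and BUILD2, as an added example that is not part of the original webcast and is not IAS code: User-Password hiding as specified in RFC 2865 (the MD5 of the secret and the 16-byte Request Authenticator is XORed with the padded password), the Message-Authenticator check from RFC 2869 (HMAC-MD5 keyed with the shared secret), and a generator for secrets that meet the length and character-class advice above. The function names, secret, user name and packet values are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import string
import struct

ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, MESSAGE_AUTHENTICATOR = 1, 2, 80


def generate_shared_secret(length=22):
    """Random secret with upper, lower, digit and punctuation characters."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    classes = [string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation]
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: XOR each 16-byte block with a chained MD5 mask."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    hidden, previous = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + previous).digest()
        previous = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += previous
    return hidden


def reveal_password(hidden, secret, request_auth):
    """Server side: the same mask chain recovers the password."""
    clear, previous = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + previous).digest()
        block = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(block, mask))
        previous = block
    return clear.rstrip(b"\x00")


def build_access_request(identifier, request_auth, attributes, secret,
                         sign=True):
    """attributes is a list of (type, value) pairs; sign adds attribute 80."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                    for t, v in attributes)
    if sign:
        body += struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + b"\x00" * 16
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    packet = bytearray(header + request_auth + body)
    if sign:  # HMAC-MD5 over the whole packet with the value field zeroed
        packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def verify_message_authenticator(packet, secret):
    """True only if exactly one valid Message-Authenticator is present."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    zeroed, received, pos = bytearray(packet[:length]), None, 20
    while pos + 2 <= length:
        attr_type, attr_len = zeroed[pos], zeroed[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return False                      # malformed attribute
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18 or received is not None:
                return False
            received = bytes(zeroed[pos + 2:pos + 18])
            zeroed[pos + 2:pos + 18] = b"\x00" * 16
        pos += attr_len
    if pos != length or received is None:
        return False                          # trailing bytes or unsigned
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


def demo():
    secret = b"Constructed-Secret!42x"   # constructed sample secret
    request_auth = bytes(range(16))      # constructed; real clients use random
    hidden = hide_password(b"correct horse", secret, request_auth)
    packet = build_access_request(
        7, request_auth,
        [(USER_NAME, b"alice@contoso.com"), (USER_PASSWORD, hidden)], secret)
    return {
        "right_secret": verify_message_authenticator(packet, secret),
        "wrong_secret": verify_message_authenticator(packet, b"guess"),
        "password": reveal_password(hidden, secret, request_auth),
    }
```

Both protections depend only on the shared secret and MD5, which is why the slide's advice on long random secrets matters: anyone who captures an Access-Request can test candidate secrets offline against the Message-Authenticator value.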

57 Demo: RADIUS and IAS: Enable RADIUS Authentication and Accounting
Install a RADIUS server; configure IAS for RADIUS; test the RADIUS configuration. KEY MESSAGE: Demonstration: RADIUS and IAS SLIDE BUILDS: 0 SLIDE SCRIPT: SLIDE TRANSITION: Now let’s review what we covered in this section of the Webcast series. ADDITIONAL INFORMATION FOR PRESENTER:

58 Poll: Which of the following roles can the IAS server provide...
1) RADIUS Server and Proxy 2) Dial-up server 3) VPN server 4) All of the above

59 RADIUS and IAS: Review. Which of the following roles can the IAS server provide? 1) RADIUS Server and Proxy 2) Dial-up server 3) VPN server 4) All of the above KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: The IAS server can provide which of the following roles? The correct answer is 1, RADIUS Server and Proxy. IAS provides RADIUS services and centralizes authentication, authorization, accounting and auditing, but it does not act as the dial-up or VPN server. You still must configure RRAS to provide dial-up or VPN services. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

60 Poll: Which of the following functionalities ...
1) Load balancing for remote access authentication 2) Remote access proxy at third-party ISPs 3) Remote access proxy for multiple forests 4) All of the above

61 RADIUS and IAS: Review
Which of the following functionalities can the IAS RADIUS proxy server provide? 1) Load balancing for remote access authentication 2) Remote access proxy at third-party ISPs 3) Remote access proxy for multiple forests 4) All of the above KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: The IAS RADIUS Proxy Server can provide which of the following functionalities? The correct answer is 4, all of the above. The IAS RADIUS Proxy server can serve four different architectural roles: IAS proxy at a third-party ISP, IAS proxy with multiple forests, IAS proxy for load balancing, and a combination of IAS RADIUS server and proxy. SLIDE TRANSITION: Let’s try another question. ADDITIONAL INFORMATION FOR PRESENTER:

62 Poll: By default, after configuring a RAS server for RADIUS authentication and accounting... (1) The Routing and Remote Access MMC (2) The Internet Authentication Service MMC (3) C:\windows\system32\logfiles on the IAS Server (4) All of the above

63 RADIUS and IAS Review By default, after configuring a RAS server for RADIUS authentication and accounting, where do you access the Remote Access Server’s log files? (1) The Routing and Remote Access MMC (2) The Internet Authentication Service MMC (3) C:\windows\system32\logfiles on the IAS Server (4) All of the above KEY MESSAGE: Review Answer SLIDE BUILDS: 0 SLIDE SCRIPT: By default, after configuring a RAS server for RADIUS authentication and accounting, where do you access the Remote Access Server’s log files? The correct answer is 3. Neither the RRAS nor the IAS management consoles provide access to the actual log files, though we do configure the location of the log files through these consoles. To access the log files, you must access the Log Files folder directly through Windows Explorer. SLIDE TRANSITION: Let’s review what we covered in today’s session. ADDITIONAL INFORMATION FOR PRESENTER:

64 Session Summary Provide remote access to remote users through a dial-up or VPN connection using a Remote Access Server Centralize authentication, authorization, accounting and auditing through the IAS implementation of the RADIUS protocol Follow best practices for implementing Remote Access and IAS Strong secrets, encryption, authentication protocols KEY MESSAGE: Session Summary SLIDE BUILDS: 3 SLIDE SCRIPT: [BUILD1] We’ve covered a lot of information in this session. We started by looking at how RAS provides a way for users to access the local network through either a dial-up or VPN connection. This technology can also provide users with access to the network through wireless access points or connect two private networks as another type of virtual private network implementation. [BUILD2] We looked at how Internet Authentication Service, or IAS, provides for the centralized management and accounting for multiple remote access servers. The IAS role can provide for centralized authentication when configured as a RADIUS server or as an authentication router when configured as a RADIUS proxy. [BUILD3] Finally, we looked at some security considerations and best practices for both the RAS and IAS server roles. These include the use of strong shared secrets, using strong encryption, and strong authentication protocols. SLIDE TRANSITION: For more information, refer to the TechNet website. ADDITIONAL INFORMATION FOR PRESENTER:

65 Next Steps Free Windows Server 2003 virtual labs: Windows Server 2003 evaluation kit: Windows Server 2003 training and events: Experience Windows Server 2003 firsthand with our online hands-on labs. Register for the 180-day trial version of the software or download it today. More event options for you to enhance your understanding of the new technologies included in this version of the operating system.

66 For More Information... www.microsoft.com/technet/tnt4-04
Visit TechNet at For additional information on books, courses and other community resources that support this session visit KEY MESSAGE: More Information SLIDE BUILDS: 0 SLIDE SCRIPT: For the most comprehensive technical information on Microsoft products visit the main TechNet Web site at Additionally visit for more concise information on books, courses, certifications and other community resources that relate directly to this particular session. SLIDE TRANSITION: What other resources are available from TechNet. ADDITIONAL INFORMATION FOR PRESENTER:

67 Webcast Series: Windows Server 2003 Administration
Wednesdays, 1:00 P.M. Pacific Time for 12 weeks! February 9 through April 27, 2005 Are you using the full management capabilities of Windows Server 2003? In this exciting webcast series for IT professionals and system administrators, Microsoft subject-matter experts show you how to get the most out of the management features of Windows Server 2003. Plus: Attend a live Microsoft Windows Server 2003 Administration webcast and qualify to win a Portable Media Center preloaded with our best TechNet webcasts! Tune in for Part 3 – next week at this time!

68 KEY MESSAGE: Tag line SLIDE BUILDS: 0 SLIDE SCRIPT: SLIDE TRANSITION: ADDITIONAL INFORMATION FOR PRESENTER:

69 Microsoft Press Inside Information for IT Professionals
KEY MESSAGE: MS Press SLIDE BUILDS: 3 SLIDE SCRIPT: [BUILD1] Introducing Microsoft® Windows® Server 2003 By Jerry Honeycutt. This book/CD-ROM guide provides information and tools needed to understand, evaluate, and begin deployment planning for Windows Server 2003, whether upgrading from Microsoft Windows NT or Windows 2000 Server. Coverage encompasses features and requirements, management and security services, communications, and multilingual support, as well as testing for application compatibility. [BUILD2] Active Directory® for Microsoft® Windows® Server 2003 Technical Reference by Mike Mulcare and Stan Reimer. This book guides readers through advanced design and deployment issues related to using Active Directory in the Windows Server 2003 environment. Coverage includes underlying concepts, architectural components, and real-world functionality, with sections on overview, implementation, administration, and maintenance. [BUILD3] Microsoft® Windows® Server 2003 TCP/IP Protocols and Services Technical Reference by Joseph Davies and Thomas Lee. A thorough reference to the TCP/IP protocols and services that Windows Server 2003 supports, with emphasis on how they work and how they are used in the operating system. Includes updated information about Point-to-Point Protocol (PPP), Remote Authentication Dial-In User Service (RADIUS), IP Security (IPSec), and Virtual Private Networks (VPNs). SLIDE TRANSITION: Several third party books will also provide helpful information. ADDITIONAL INFORMATION FOR PRESENTER: To find the latest titles, visit

70 Third-Party Publications
Supplementary publications for IT professionals
KEY MESSAGE: Third Party Books SLIDE BUILDS: 3 SLIDE SCRIPT: [BUILD1] Microsoft Windows Server 2003 Delta Guide by Don Jones, Mark Rouse. Why should new versions of mission-critical technologies mean starting from scratch? If you already know how to use Microsoft Windows Server 2000, leverage those skills to quickly become an expert on Microsoft Windows Server Microsoft Windows Server 2003 Delta Guide skips the basics and moves straight to what's new and what's changed. [BUILD2] Inside Windows Server 2003 by William Boswell. Written for systems administrators, architects, and designers, this guide outlines an approach to deploying and administering Windows 2003, with guidelines on installation, configuration, and management. [BUILD3] Mastering Active Directory for Windows Server 2003 by Robert King, Robert R. King. Provides instructions on how to use Active Directory, the Windows Server 2003 component enabling you to manage all network resources through a single native environment. SLIDE TRANSITION: Microsoft also offers instructor-led courses to expand your knowledge on these topics. ADDITIONAL INFORMATION FOR PRESENTER: These books can be found and purchased at all major bookstores and from online retailers

71 Microsoft Learning Training Resources for IT Professionals
Title Available 2274 Managing a Microsoft Windows Server 2003 Environment Now 2275 Maintaining a Microsoft Windows Server 2003 Environment KEY MESSAGE: Talk about the E-Learning Course SLIDE BUILDS: 0 SLIDE SCRIPT: Microsoft Learning (formerly MS Training & Certification and MS Press) develops courseware called Microsoft Official Curriculum (MOC), which includes eLearning, MS Press Books, Workshops, Clinics, and Microsoft Skills Assessment. MOC is offered in instructor-led environments; it offers comprehensive training courses for IT professionals, support, and implement solutions using Microsoft products and technologies. The courses that best support this session are Managing a Microsoft Windows Server 2003 Environment and Maintaining a Microsoft Windows Server 2003 Environment, both of which are available now. For more information please visit SLIDE TRANSITION: There is also an assessment program available that can help you test your knowledge. ADDITIONAL INFORMATION FOR PRESENTER: To see the detailed syllabus or to find a training provider, visit

72 Assess Your Readiness Microsoft Skills Assessment
What is Microsoft Skills Assessment? A self-study learning tool for assessing readiness for product and technology solutions, rather than job roles (certification) Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio .NET, Office 2003 Free, online, unproctored and available to anyone Answers the question: “Am I ready?” Identifies skill gaps and provides learning plans with Microsoft Official Curriculum courses Post your high score to see how you compare with others Visit KEY MESSAGE: Microsoft Learning provides a free online learning tool SLIDE BUILDS: 0 SLIDE SCRIPT: Microsoft Skills Assessment is a free online learning tool. It’s an easy way for IT professionals to check your skills. You can quickly check your skills for implementing or managing Microsoft product or business solutions. Just take a short, 30 question assessment and see how well you know your stuff. The Skills Assessment includes a Personalized Learning Plan, which includes links to Microsoft Official Curriculum, specific TechNet articles, Microsoft Press books, and other Microsoft learning content. There’s also a way to measure how well you did compared with others who took the same assessment. Microsoft Skills Assessment is an expanding learning platform. Available now are assessments for Windows Server 2003, including security and patch management; Exchange Server 2003; Windows Storage Server; Office 2003; and Visual Studio .NET. SLIDE TRANSITION: If you want to take your skills assessment to the next level, there are a number of Certification programs available. ADDITIONAL INFORMATION FOR PRESENTER:

73 Become a Microsoft Certified Systems Administrator (MCSA)
What is the MCSA certification? For IT professionals who manage and maintain networks and systems based on Microsoft Windows Server How do I become an MCSA on Microsoft Windows Server 2003? Pass three core exams Pass one elective exam or two CompTIA certifications Where do I get more information? KEY MESSAGE: Prove your skills administering a Windows Environment SLIDE BUILDS: 0 SLIDE SCRIPT: The Microsoft Certified Systems Administrator (MCSA) certification is designed for professionals who implement, manage, and troubleshoot existing network and system environments based on Microsoft Windows Server Implementation responsibilities include installing and configuring parts of the systems. Management responsibilities include administering and supporting the systems. For more information about the MCSA certification, please visit SLIDE TRANSITION: The MCSE Certification is also available. ADDITIONAL INFORMATION FOR PRESENTER:

74 Become a Microsoft Certified Systems Engineer (MCSE)
What is the MCSE certification? Premier certification for IT professionals who analyze requirements and design, plan and implement the infrastructure for business solutions based on Microsoft Windows Server System How do I become an MCSE on Microsoft Windows 2003? Pass six core exams Pass one elective exam from a comprehensive list Where do I get more information? KEY MESSAGE: Prove your skills at designing, planning and implementing the Windows Server System SLIDE BUILDS: 0 SLIDE SCRIPT: The Microsoft Certified Systems Engineer (MCSE) credential is the premier certification for professionals who analyze the business requirements and design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System integrated server software. Implementation responsibilities include installing, configuring, and troubleshooting network systems. For more information about the MCSE certification, please visit SLIDE TRANSITION: Here are some other certifications available. ADDITIONAL INFORMATION FOR PRESENTER:

75 Become a Microsoft Certified Desktop Support Technician (MCDST)
What is the MCDST certification? It is the premier certification for support professionals, validating that you have the skills to properly support end users and to troubleshoot desktop environments running on the Microsoft Windows operating system. How do I become an MCDST on Microsoft Windows XP? Pass two core exams Operating systems Supporting PC applications Available in January Where do I get more information? KEY MESSAGE: Explain the MCDST program SLIDE BUILDS: 0 SLIDE SCRIPT: MCDST is the premier certification for support professionals. It proves you have the skills to successfully support end users and successfully troubleshoot desktop environments running on the Microsoft Windows operating system. For more information about the MCSE certification, please visit EXAMS REQUIRED: MCDST candidates are required to pass two core exams. Elective exams are not required. The two required exams are and SLIDE TRANSITION: [ADD THE TRANSITION TO THE NEXT CERTIFICATION OR TECHNET DEPENDING ON WHAT SLIDE YOU INSERT NEXT] ADDITIONAL INFORMATION FOR PRESENTER:

76 Show Your Specialization
What are the MCSA/MCSE specializations? They allow IT professionals to highlight their specific expertise in their job role Which specializations are available? MCSA: Security – MCSA: Messaging MCSE: Security – MCSE: Messaging Where do I get more information? or KEY MESSAGE: Introduce the Specialization certification available from Microsoft Learning SLIDE BUILDS: 0 SLIDE SCRIPT: The Microsoft Certified Systems Engineer and Systems Administrator specializations allow IT professionals to highlight specific expertise or technical focus within their job roles. There are two types of specializations available: Security and Messaging. To extend your current MCSE or MCSA certification to become a security specialist there are two additional exams. To extend your current MCSE or MCSA to become a Messaging specialist, there are two exams for the MCSE track and one exam for the MCSA track. SLIDE TRANSITION: This event is presented to you by TechNet, so what is TechNet? ADDITIONAL INFORMATION FOR PRESENTER:

77 TechNet Subscriptions Have You Heard the Latest?
Software without time limits! Full-version evaluation software gives TechNet Plus subscribers greater flexibility. Free technical support. The two complimentary technical support incidents included with all TechNet Plus subscriptions save you time when resolving mission-critical issues. Have the most current resources on hand to evaluate, implement and support Microsoft solutions, delivered monthly on CD or DVD, without depending on Internet connectivity or firewalls. KEY MESSAGE: TechNet Subscriptions SLIDE BUILDS: 0 SLIDE SCRIPT: Many of you may be familiar with the Microsoft TechNet events and the Web site, but have you heard the news about valuable benefits for TechNet Plus subscribers? Developed in response to customer feedback, TechNet Plus v2.0 is the most convenient and reliable source for evaluating, managing, and supporting Microsoft products. With TechNet Plus you can: Evaluate Microsoft software without time limits. This is a huge benefit and allows IT pros to try products such as Microsoft Office System and Windows Server System software without the worry of timing-out. Save time resolving mission-critical systems issues. TechNet Plus subscriptions include two complimentary technical support incidents to help IT pros resolve mission-critical issues fast. And, in countries where pay-per-incident support is offered, TechNet Plus subscribers receive a 20% discount on any additional support calls. TechNet Plus ensures there are resources available to address your technical issues, and that you have the most current resources on hand for evaluating, implementing, and supporting Microsoft solutions. For details on this visit SLIDE TRANSITION: TechNet also provides a number of community resources ADDITIONAL INFORMATION FOR PRESENTER:

78 Where Can I Get Help?
Attend a free chat or webcast
at Newsgroup list Microsoft community sites Community events
Community column KEY MESSAGE: Where to get more help? SLIDE BUILDS: 0 SLIDE SCRIPT: There are a number of community resources available on TechNet, all of them free. You can attend a regular chat with members of the products groups or technology specialists from Microsoft or you can attend a Web cast where you can see sessions like the one you’ve just watched, but presented live and with the ability to ask questions as you go. You can also locate or post questions into the public newsgroups. The newsgroup page lists the available groups, plus provides an interface for you to read and post into. Those TechNet Plus subscribers can use these groups to post questions that through your subscription ID will be answered by Microsoft within 24 hours. The main community site provides a comprehensive list of resources available, more than we can cover on this slide, plus the page has some dynamic features with continually updating content. The events page provides dates and details where you can attend a TechNet event live. These events take place worldwide and provide you the opportunity to talk to Microsoft specialists face-to-face. And finally, the TechNet Columns provide a variety of topics written by industry authors. SLIDE TRANSITION: Thank the audience for attending and sign off ADDITIONAL INFORMATION FOR PRESENTER:

